If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

Hmmm, Letís see
∑ .NET has just been released, and has no history,
∑ For the entire month of February, Microsoft development
staff conducted code review with an emphasis on security holes,
∑ Microsoft has a history of security related problems
with its software (just look at itís latest XP OS)
∑ Security is such an issue with Microsoft that Mr. Gates
had to make a marketing focus item about the problem.
∑ .NET is a big bang vs. Java incremental approach to security.
Java incrementally made changes with every release to the model.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

"malcolm davis" <malcolm_g_davis@hotmail.com> wrote in message <news:3c7daa75$1@10.1.10.29>...
>
> Hmmm, Letís see
> ∑ .NET has just been released, and has no history,
> ∑ For the entire month of February, Microsoft development
> staff conducted code review with an emphasis on security holes,

It could have been worse, you know... They could have skipped all
that stuff and just shipped it!

--
Joe Foster <mailto:jlfoster%40znet.com> Sign the Check! <http://www.xenu.net/>
WARNING: I cannot be held responsible for the above They're coming to
because my cats have apparently learned to type. take me away, ha ha!

Re: .NET vs. Enterprise Java: Who's Got Better Security?

"Joe \"Nuke Me Xemu\" Foster" <joe@bftsi0.UUCP> wrote:
>"malcolm davis" <malcolm_g_davis@hotmail.com> wrote in message <news:3c7daa75$1@10.1.10.29>...
>
>>
>> Hmmm, Letís see
>> ∑ .NET has just been released, and has no history,
>> ∑ For the entire month of February, Microsoft development
>> staff conducted code review with an emphasis on security holes,
>
>It could have been worse, you know... They could have skipped all
>that stuff and just shipped it!

I think this comparison is not very fruitful, because of the following reasons:

1. You cannot compare Java and .Net. You can compare J2EE and .NET.

2. "Java's protection domain mechanism doesn't look as strong as what Microsoft
is offering." I mean, I don't care how does it look. I want to see the results
and reports of the tests performed on both. We are scientific people, right?

3. This comparison does compare bareback Sun J2EE release. It does not consider
thousands of frameworks and packages written on top of it. For example, it
talks about Java's new logging service. Yes, it is still immature, but there
is a wonderful Log4j from Apache, which is nearly defacto standard being
used in hundreds of projects. Why these research companies do not understand
Java is not only Sun? How many logging frameworks they tested related with
Java before preparing this report? If they did not, why? If they did, why
we do not see the names? What about the frameworks other than logging?

4. The total number of views on which the comparisons are based on are very
few. There are many more things to compare other than these bullets.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

"Glen Kunene" <gkunene@devx.com> wrote:
>Which platform would you entrust your enterprise apps to, Java or .NET?
.NET
>Why?
Performance, life cycle cost, time to market, security, reliability, maintainability,
scalability
>What features would be on your enterprise security wish list?
That MS would collect all the various security information into one well
written document instead of scattered all over MSDN.

As for the article on DevX, it really didn't say much. Foliage, the authors
of the article, haven't worked on any recent Microsoft technology, according
to their web site (http://www.foliage.com). They showed work on NT, DCOM,
and SQL Server 7 - nothing about Win2K, XP, COM+, or SQL Server 2000, much
less .NET.

I have worked in a J2EE shop (Java, Oracle, Netscape, CORBA as core technologies),
and have worked with MS technology for over 10 years. J2EE/CORBA/Oracle
is more costly and unstable to develop with, and as prone to security problems
(or more so) than Microsoft technology. What is often left out of the "politically
correct" assumption that IIS is the dregs of security is that it is attacked
many times more than UNIX based systems (Apache, Netscape, etc.), and thus
would be breached more. I have heard from several developers who work in
both UNIX and MS technologies that UNIX systems are easier to breach than
Windows systems, especially in the web servers. It's just that the anti-MS
zealots have more time on their hands to break the law by hacking into MS
based systems. MS developers tend to actually be working for a living and
having a social life, not hacking away in their basements.

Given a real world, enterprise class project, I guarantee that I (or any
experienced MS developer) could accomplish the project from requirements
to delivery for half the cost, in half the time, delivering a more stable,
reliable, scalable, secure, and maintainable system using .NET technologies
versus the J2EE/CORBA/Oracle/UNIX technologies. When producing results matters,
MS technologies (.NET, SQL Server, Win2K or XP, etc.) blow away UNIX based
technologies (J2EE, CORBA, Oracle, etc.). The good business decision is
.NET. The religious zealot's decision is J2EE.

I wonder if DevX would profit from a well publicized shoot-out between volunteer
developers, J2EE versus .NET. When the Foliage guys called Java the "more
mature" technology, it was obvious they didn't really know MS technology
well. Java was created to be the "VB" of UNIX. A simpler form of C++ that
could be ported amongst the myriad UNIX platforms. CORBA was the DCOM wannbe.
JDBC was the ODBC wannabe. Java was the VB wannabe. J2EE was the COM+
wannabe. .NET is the culmination of technology that has been maturing before
Java was ever written. You want maturity, go with MS technology. And hopefully,
we can get comparisions from someone with real, *current* MS experience the
next time.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

"Jeff Jones" <jjones4@711Online.net> wrote:
>
>"Glen Kunene" <gkunene@devx.com> wrote:
>>Which platform would you entrust your enterprise apps to, Java or .NET?
>.NET
>
>>Why?
>Performance, life cycle cost, time to market, security, reliability, maintainability,
>scalability
>
>>What features would be on your enterprise security wish list?
>That MS would collect all the various security information into one well
>written document instead of scattered all over MSDN.
>
>As for the article on DevX, it really didn't say much. Foliage, the authors
>of the article, haven't worked on any recent Microsoft technology, according
>to their web site (http://www.foliage.com). They showed work on NT, DCOM,
>and SQL Server 7 - nothing about Win2K, XP, COM+, or SQL Server 2000, much
>less .NET.
>
>I have worked in a J2EE shop (Java, Oracle, Netscape, CORBA as core technologies),
>and have worked with MS technology for over 10 years. J2EE/CORBA/Oracle
>is more costly and unstable to develop with, and as prone to security problems
>(or more so) than Microsoft technology. What is often left out of the "politically
>correct" assumption that IIS is the dregs of security is that it is attacked
>many times more than UNIX based systems (Apache, Netscape, etc.), and thus
>would be breached more. I have heard from several developers who work in
>both UNIX and MS technologies that UNIX systems are easier to breach than
>Windows systems, especially in the web servers. It's just that the anti-MS
>zealots have more time on their hands to break the law by hacking into MS
>based systems. MS developers tend to actually be working for a living and
>having a social life, not hacking away in their basements.
>
>Given a real world, enterprise class project, I guarantee that I (or any
>experienced MS developer) could accomplish the project from requirements
>to delivery for half the cost, in half the time, delivering a more stable,
>reliable, scalable, secure, and maintainable system using .NET technologies
>versus the J2EE/CORBA/Oracle/UNIX technologies. When producing results
matters,
>MS technologies (.NET, SQL Server, Win2K or XP, etc.) blow away UNIX based
>technologies (J2EE, CORBA, Oracle, etc.). The good business decision is
>.NET. The religious zealot's decision is J2EE.
>
>I wonder if DevX would profit from a well publicized shoot-out between volunteer
>developers, J2EE versus .NET. When the Foliage guys called Java the "more
>mature" technology, it was obvious they didn't really know MS technology
>well. Java was created to be the "VB" of UNIX. A simpler form of C++ that
>could be ported amongst the myriad UNIX platforms. CORBA was the DCOM wannbe.
> JDBC was the ODBC wannabe. Java was the VB wannabe. J2EE was the COM+
>wannabe. .NET is the culmination of technology that has been maturing before
>Java was ever written. You want maturity, go with MS technology. And hopefully,
>we can get comparisions from someone with real, *current* MS experience
the
>next time.
>

Well, slightly agree with the arguments given above. Definitely MS has a
leading edge in case of development time,user interface or cost of the project
is concerns. But I think we are discussing here on the security of the .Net
and Java. So let's go along with it, don't deviate. My opinion on security
is Java definitely has longggggggg edge over the market. History of the security
breach shows that, IIS is the most vulnerable system if security is concerns.
On the other hand, Java has been proven in the market, it was developed incermentally,
and tested and implemented thoroughly in the market. Also I am strongly disagree
with one of the author who says UNIX systems are easier to breach than MS.
Any body can breach in the MS security, but UNIX can be breach by very few.
That's why MS systems are easier to breach than the UNIX.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

Java runs on more platforms that just Unix. It is NOT a Unix technology.
It also runs on one of the most (if not the most) secure platforms. .Net
will never run there (99.9% sure).

Typically, the problems people have with developing in Java is due lack of
experience, lack of knowledge and using the wrong tools or the wrong combination.
The same problems they now will have with .Net. Sure I can crank out code
with wizards but how maintainable, modifiable and reusable is that code?
Not very good. How long is its lifecycle? Not very long.

Your experience with Java says you worked in a Shop that attempts to use
Java and Java Technologies. I would not consisder them a Java Shop.

We are using Java in a high performance, distributed environment and it is
very stable - Client(Swing) and Server side(Servlets). And Unix is not
a platform we currently deploy to.

I would say the good decision is Java. The short sighted, religious decision
is .Net. .Net is a total change of direction and it is not yet complete
because it still relies on COM for many things. And more scarily, it still
is a single vendor, single platform solution. Does .Net introduce some new
and good concepts? Sure. But it still doesn't do things Java does. How
many things can I get for free with Java that I have to pay for with .Net?
(Java - everything can be free | .Net - all major pieces cost). More and
more companies and organizations are going to alternate platforms. Some
slowly, some quickly.

Mark

"Jeff Jones" <jjones4@711Online.net> wrote:
>
>"Glen Kunene" <gkunene@devx.com> wrote:
>>Which platform would you entrust your enterprise apps to, Java or .NET?
>.NET
>
>>Why?
>Performance, life cycle cost, time to market, security, reliability, maintainability,
>scalability
>
>>What features would be on your enterprise security wish list?
>That MS would collect all the various security information into one well
>written document instead of scattered all over MSDN.
>
>As for the article on DevX, it really didn't say much. Foliage, the authors
>of the article, haven't worked on any recent Microsoft technology, according
>to their web site (http://www.foliage.com). They showed work on NT, DCOM,
>and SQL Server 7 - nothing about Win2K, XP, COM+, or SQL Server 2000, much
>less .NET.
>
>I have worked in a J2EE shop (Java, Oracle, Netscape, CORBA as core technologies),
>and have worked with MS technology for over 10 years. J2EE/CORBA/Oracle
>is more costly and unstable to develop with, and as prone to security problems
>(or more so) than Microsoft technology. What is often left out of the "politically
>correct" assumption that IIS is the dregs of security is that it is attacked
>many times more than UNIX based systems (Apache, Netscape, etc.), and thus
>would be breached more. I have heard from several developers who work in
>both UNIX and MS technologies that UNIX systems are easier to breach than
>Windows systems, especially in the web servers. It's just that the anti-MS
>zealots have more time on their hands to break the law by hacking into MS
>based systems. MS developers tend to actually be working for a living and
>having a social life, not hacking away in their basements.
>
>Given a real world, enterprise class project, I guarantee that I (or any
>experienced MS developer) could accomplish the project from requirements
>to delivery for half the cost, in half the time, delivering a more stable,
>reliable, scalable, secure, and maintainable system using .NET technologies
>versus the J2EE/CORBA/Oracle/UNIX technologies. When producing results
matters,
>MS technologies (.NET, SQL Server, Win2K or XP, etc.) blow away UNIX based
>technologies (J2EE, CORBA, Oracle, etc.). The good business decision is
>.NET. The religious zealot's decision is J2EE.
>
>I wonder if DevX would profit from a well publicized shoot-out between volunteer
>developers, J2EE versus .NET. When the Foliage guys called Java the "more
>mature" technology, it was obvious they didn't really know MS technology
>well. Java was created to be the "VB" of UNIX. A simpler form of C++ that
>could be ported amongst the myriad UNIX platforms. CORBA was the DCOM wannbe.
> JDBC was the ODBC wannabe. Java was the VB wannabe. J2EE was the COM+
>wannabe. .NET is the culmination of technology that has been maturing before
>Java was ever written. You want maturity, go with MS technology. And hopefully,
>we can get comparisions from someone with real, *current* MS experience
the
>next time.
>

Re: .NET vs. Enterprise Java: Who's Got Better Security?

Thank you for kindness in your reply. So let me kindly be specific where
we can agree to disagree.
>My opinion on security is Java definitely has longggggggg edge over the
>market. History of the security breach shows that, IIS is the most
>vulnerable system if security is concerns.
Not really. It is the most attacked. IIS, properly setup, is as secure
as any properly setup UNIX based web server.
>On the other hand, Java has been proven in the market, it was developed
>incermentally, and tested and implemented thoroughly in the market.
And it was developed *after* Microsoft's VB technology. VB.NET is but another
incremental (albeit a big one) step in the evolution of intelligent, efficient
programming. Java has yet to catch up. No doubt it can, should Sun decide
to spend their money on good developers instead of lawyers.
>Also I am strongly disagree with one of the author who says UNIX systems
>are easier to breach than MS.
You can disagree, but I have heard this from several experienced UNIX admins.
As with web servers, it depends more on the expertise of the OS admin than
the OS itself. Both can be made secure, and both can be setup foolishly.
>Any body can breach in the MS security, but UNIX can be breach by very
>few. That's why MS systems are easier to breach than the UNIX.
That is the "conventional wisdom", but like most "conventional wisdom", it
has little to do with wisdom or reason. MS systems are attacked far more
than UNIX based systems because there are more anti-MS zealots who have the
time on their hands to wage war against MS than there are anti-UNIX zealots
willing to do the same. Personally, I'd like to see MS and web site owners
running MS OSs push law enforcement to catch, prosecute, and punish with
the maximum sentence anyone who maliciously attacks an Internet site. Put
a few of the anti-MS zealots (who break the law) in jail for a few years,
and you'll see attacks on MS systems drop dramatically. On the other hand,
web site owners have a responsibility to setup their sites securely, or accept
the consequences. That means hiring experienced admins, whether UNIX or
Windows.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

>>On the other hand, Java has been proven in the market, it was developed
>
>>incermentally, and tested and implemented thoroughly in the market.
>And it was developed *after* Microsoft's VB technology. VB.NET is but another
>incremental (albeit a big one) step in the evolution of intelligent, efficient
>programming. Java has yet to catch up. No doubt it can, should Sun decide
>to spend their money on good developers instead of lawyers.
>

.Net is a total, other than similar syntax, shift in direction. Where does
Java have to catch up? .Net is an attempt to level the playing field.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

>Java runs on more platforms that just Unix. It is NOT a Unix technology.
Sure it is. Java is a proprietary programming language, made by Sun, who
also makes the UNIX variant Solaris, and a line of servers and desktops that
run UNIX only. Java shines on UNIX, and runs like a 3-legged donkey on Windows.
>It also runs on one of the most (if not the most) secure platforms.
If you are saying that UNIX is more secure than WindowsNT/2K/XP, then that
is an opinion, but one without merit. A UNIX system setup by an experienced
UNIX admin is no more secure than a Windows system set up by an experienced
Windows admin. It is when either system is setup by the less experienced
that problems arise. And I doubt UNIX systems could fare any better if they
had the same level of attacks by zealots that MS sites have.
>.Net will never run there (99.9% sure).
The CLR is being ported to UNIX, though I do not know about the various Windows
services the CLR exposes. However, SoftwareAG and MainWin have made Win32
and VB runtime libraries for almost every UNIX variant for years. So I wouldn't
say 99.9%, but a good port of most of the namespaces is possible. Personally,
MS would be smarter to port it all to Apple's OSX first. They already have
a number of MS products running on the Mac. Besides, MS probably has its
hands full porting Visual Studio.NET to 64 bit Windows. There really isn't
a good business case for choosing UNIX over Windows anyway. Life cycle cost
is so much lower with Windows, without sacrificing performance, reliability,
or scalability.
>Typically, the problems people have with developing in Java is due lack
of
>experience, lack of knowledge and using the wrong tools or the wrong
>combination.
>Your experience with Java says you worked in a Shop that attempts to use
>Java and Java Technologies. I would not consisder them a Java Shop.
Actually, the company hired the best Java programmers, Oracle DB admins and
programmers, and Sun Solaris admins available at the time, and paid well
above the going rate to get them. All were experienced in their technologies
before coming to that company. While I may not be an advocate of Java, Oracle,
Sun, and other UNIX technologies, these guys and gals are some of the brightest
lights on the string. They made some very complex n-tiered apps, but with
*many* more man-hours required, and *many* more bugs in the version submitted
to Quality Assurance than other complex n-tier apps done with MS technologies.
>The same problems they now will have with .Net. Sure I can crank out
>code with wizards but how maintainable, modifiable and reusable is that
>code? Not very good. How long is its lifecycle? Not very long.
So you really haven't used .NET in depth, I take it? .NET's wizards are
helpful, but as all experienced VB programmers know, to make solid, efficient
programs, you write code.
>We are using Java in a high performance, distributed environment and it
is
>very stable - Client(Swing) and Server side(Servlets). And Unix is not
>a platform we currently deploy to.
If you mean you deploy to Windows, then I would have to wonder *why???*,
other than if it is a product that must run on multiple OS platforms. The
same software written in VB6 or VB.NET, ASP, etc. runs rings around Java
in terms of performance, reliability, and scalability. And, it could be
developed in half the man-hours with fewer bugs. And require less hardware
resources to run. Java is the best bet for UNIX, for that is what it is
designed for, and one can develop faster than in C++ on UNIX. But on Windows,
it is way too slow and costly to compete with VB or .NET.
>I would say the good decision is Java. The short sighted, religious
>decision is .Net.
Well, let's look at that. A religious decision is one made on faith, not
solely on fact and reason. So let's say I have a project to do. MS technologies
allow me (or my team) to develop in less time, with less expense (labor and
materials), on less expensive platforms, with fewer bugs, better performance,
and the ability to get it to market sooner with more features. So how do
I explain to the CIO and CFO that I should spend more money so I can use
Java? More cost, no additional benefits to show for that cost. Thus, the
decision to use MS technologies is one based on a reasoned business case,
whereas the decision to use UNIX technolgies (like Java) must ignore the
facts and work against the business case - on faith.
>.Net is a total change of direction and it is not yet complete
>because it still relies on COM for many things.
Don't fall for the hype that .NET is something new. It isn't. C# is new,
as a language, to be sure. But VB.NET is a natural evolution of VB6. Webforms
are an evolution of VB6's webclasses. Webservices are an evolution of the
SOAP toolkit in VB6. ADO.NET is an evolution of ADO in VB6. COM was, and
is, a very powerful feature of Windows that VB took great advantage of.
You do not have to use COM in .NET, but you can if you choose. The namespaces
available in .NET are, in my opinion, just an evolution of COM.
>And more scarily, it still is a single vendor, single platform solution.

Right and wrong. It is a single vendor development platform, jut as Java
is a single vendor (Sun) development platform. *Nobody* adds anything to
Java without Sun's permission and paying them dearly for the priviledge.
As for the single platform, that is a strength, not a weakness. I can buy
hardware from HP, Compaq, IBM, Dell - just about everybody but Sun - and
run Windows. Windows provides a number of services you have to pay for in
UNIX, and how Windows handles loading & referencing DLLs is vastly superior
to the memory hogs found in UNIX. Sun should seriously worry when the MS
BackOffice products and Visual Studio.NET are all ported to Win64. Right
now, 32 bit systems are outperforming 64 bit UNIX systems. That gap will
likely get much larger when MS solutions are 64 bit systems.
>Does .Net introduce some new and good concepts? Sure. But it still
>doesn't do things Java does.
Such as? I guarantee you I (or any other experienced VB programmer) can
develop to any spec Java programmers can.
>How many things can I get for free with Java that I have to pay for
>with .Net? (Java - everything can be free | .Net - all major pieces
>cost).
The .NET SDK, CLR, etc. is free. The tools cost money. VB.NET Standard
is $99. Visual Studio Professional for students is $99. For less than $3,000,
you can get every development tool, OS, BackOffice product, and desktop product
that MS makes (MSDN Universal). What price is JBuilder and other professional-level
Java development suites? Of course, in .NET as in Java, you can just run
VI, EMACS, or some other freebie text editor and dispense with the tools
altogether. Keep this in mind - 3rd parties develop far more professional-grade
components for VB than for Java - because there is a profit in it. Without
the profit motive, you get mediocrity. Look at the Open Software movement
- lots of free stuff almost nobody wants. There are a number of good Java
components on the market (see www.componentsource.com), but they come at
a price.
>More and more companies and organizations are going to alternate
>platforms. Some slowly, some quickly.
Not really. Most of the .COMs that died in the last year or so were UNIX/Java
oriented. The slow time to market, lack of product features, and high life
cycle cost added to the problem the companies had in turning a profit. It's
now how many - it is how many are able to successfully run a business with
the chosen technology.

Now, I don't say any of this to change your mind. And I do not mean in any
way to imply you are anything less than a knowledge professional in what
you do. I assume we both like the technologies we've chosen, are good at
what we do, and will stay with them. But, it is good for those who may stumble
across this thread to hear a good back-and-forth on the subject, so they
can make up their own minds.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

"Jeff Jones" <jjones4@711Online.net> wrote:
>
>>Java runs on more platforms that just Unix. It is NOT a Unix technology.
>Sure it is. Java is a proprietary programming language, made by Sun, who
>also makes the UNIX variant Solaris, and a line of servers and desktops
that
>run UNIX only. Java shines on UNIX, and runs like a 3-legged donkey on
Windows.

Java is not made by Sun alone. This is FUD.

Well it runs great on Windows for us. Maybe Windows is a 3-legged donkey.
So it runs on Unix really good? I would love to use it instead of Windows
then. How much MS code runs on AS400, Unix, OS390, Linux, OS2, .... ?
>
>>It also runs on one of the most (if not the most) secure platforms.
>If you are saying that UNIX is more secure than WindowsNT/2K/XP, then that
>is an opinion, but one without merit. A UNIX system setup by an experienced
>UNIX admin is no more secure than a Windows system set up by an experienced
>Windows admin. It is when either system is setup by the less experienced
>that problems arise. And I doubt UNIX systems could fare any better if
they
>had the same level of attacks by zealots that MS sites have.
>

No, I am talking about OS390.
>>.Net will never run there (99.9% sure).
>The CLR is being ported to UNIX, though I do not know about the various
Windows
>services the CLR exposes. However, SoftwareAG and MainWin have made Win32
>and VB runtime libraries for almost every UNIX variant for years. So I
wouldn't
>say 99.9%, but a good port of most of the namespaces is possible. Personally,
>MS would be smarter to port it all to Apple's OSX first. They already have
>a number of MS products running on the Mac. Besides, MS probably has its
>hands full porting Visual Studio.NET to 64 bit Windows. There really isn't
>a good business case for choosing UNIX over Windows anyway.

Again, I wasn't taking about Unix.
Uh, MS is not porting it. It the port to Linux is getting no help from MS.
If anything, they are hindering the move. If it suceeds, it will be very
bad for them.
>Life cycle cost
>is so much lower with Windows, without sacrificing performance, reliability,
>or scalability.

Is it? The whole lifecycle? What if the lifecycle is shorter? And performance
is better on Unix with Java (according to you). Wouldn't .Net run there
(and on Mainframes) faster and better and be more scalable?
>
>>Typically, the problems people have with developing in Java is due lack
>of
>>experience, lack of knowledge and using the wrong tools or the wrong
>>combination.
>>Your experience with Java says you worked in a Shop that attempts to use
>>Java and Java Technologies. I would not consisder them a Java Shop.
>Actually, the company hired the best Java programmers, Oracle DB admins
and
>programmers, and Sun Solaris admins available at the time, and paid well
>above the going rate to get them. All were experienced in their technologies
>before coming to that company. While I may not be an advocate of Java,
Oracle,
>Sun, and other UNIX technologies, these guys and gals are some of the brightest
>lights on the string. They made some very complex n-tiered apps, but with
>*many* more man-hours required, and *many* more bugs in the version submitted
>to Quality Assurance than other complex n-tier apps done with MS technologies.

Well, we SEEM to be less experienced but don't have the same problems. Obviously
they didn't hire the best.
>
>>The same problems they now will have with .Net. Sure I can crank out
>>code with wizards but how maintainable, modifiable and reusable is that
>
>>code? Not very good. How long is its lifecycle? Not very long.
>So you really haven't used .NET in depth, I take it?

Obviously you haven't used Java in depth.
>.NET's wizards are
>helpful, but as all experienced VB programmers know, to make solid, efficient
>programs, you write code.

Thats my point. Take away the wizards and coding in .Net is no faster than
Java with a notepad. And if you look around, there are few experienced (according
to your definition) VB programmers. By the way I am experienced with VB
and MS technologies.
>
>>We are using Java in a high performance, distributed environment and it
>is
>>very stable - Client(Swing) and Server side(Servlets). And Unix is not
>>a platform we currently deploy to.
>If you mean you deploy to Windows, then I would have to wonder *why???*,
>other than if it is a product that must run on multiple OS platforms. The
>same software written in VB6 or VB.NET, ASP, etc. runs rings around Java
>in terms of performance, reliability, and scalability. And, it could be
>developed in half the man-hours with fewer bugs. And require less hardware
>resources to run. Java is the best bet for UNIX, for that is what it is
>designed for, and one can develop faster than in C++ on UNIX. But on Windows,
>it is way too slow and costly to compete with VB or .NET.

That is what you say. But we are doing it. Why are we deploying to Windows?
Because that is what is there. I can run Linux and Java on a 486. Try
that with .Net.
>
>>I would say the good decision is Java. The short sighted, religious
>>decision is .Net.
>Well, let's look at that. A religious decision is one made on faith, not
>solely on fact and reason. So let's say I have a project to do. MS technologies
>allow me (or my team) to develop in less time, with less expense (labor
and
>materials), on less expensive platforms, with fewer bugs, better performance,
>and the ability to get it to market sooner with more features. So how do
>I explain to the CIO and CFO that I should spend more money so I can use
>Java? More cost, no additional benefits to show for that cost. Thus, the
>decision to use MS technologies is one based on a reasoned business case,
>whereas the decision to use UNIX technolgies (like Java) must ignore the
>facts and work against the business case - on faith.

Your presupposition is based on FUD and/or a bad experience.
>
>>.Net is a total change of direction and it is not yet complete
>>because it still relies on COM for many things.
>Don't fall for the hype that .NET is something new. It isn't. C# is new,
>as a language, to be sure. But VB.NET is a natural evolution of VB6. Webforms
>are an evolution of VB6's webclasses. Webservices are an evolution of the
>SOAP toolkit in VB6. ADO.NET is an evolution of ADO in VB6. COM was, and
>is, a very powerful feature of Windows that VB took great advantage of.
>You do not have to use COM in .NET, but you can if you choose. The namespaces
>available in .NET are, in my opinion, just an evolution of COM.

So where is the missing link? I've looked at VB.Net and it is totally different.
It is not evolution - it is creation.
>
>>And more scarily, it still is a single vendor, single platform solution.
>
>Right and wrong. It is a single vendor development platform, jut as Java
>is a single vendor (Sun) development platform.
Java is not single vendor. Sun is somewhat in control. That is all.
> *Nobody* adds anything to
>Java without Sun's permission and paying them dearly for the priviledge.
FUD.
> As for the single platform, that is a strength, not a weakness. I can
buy
>hardware from HP, Compaq, IBM, Dell - just about everybody but Sun - and
>run Windows.

Could you make mine run? It crashes alot.
If you think single vendor is a strength ...
If the hardware vendors don't use install Windows they pay dearly.
>Windows provides a number of services you have to pay for in
>UNIX, and how Windows handles loading & referencing DLLs is vastly superior
>to the memory hogs found in UNIX. Sun should seriously worry when the MS
>BackOffice products and Visual Studio.NET are all ported to Win64. Right
>now, 32 bit systems are outperforming 64 bit UNIX systems. That gap will
>likely get much larger when MS solutions are 64 bit systems.

Look beyond Unix. You seem to be stuck on it. I'm not.
>
>>Does .Net introduce some new and good concepts? Sure. But it still
>>doesn't do things Java does.
>Such as? I guarantee you I (or any other experienced VB programmer) can
>develop to any spec Java programmers can.

So if VB6 is so good why is it so gone? From experience, I'm able to do
things in Java that could NEVER be done in VB. Maybe I can in .Net.
>
>>How many things can I get for free with Java that I have to pay for
>>with .Net? (Java - everything can be free | .Net - all major pieces
>>cost).
>The .NET SDK, CLR, etc. is free. The tools cost money. VB.NET Standard
>is $99. Visual Studio Professional for students is $99. For less than
$3,000,
>you can get every development tool, OS, BackOffice product, and desktop
product
>that MS makes (MSDN Universal). What price is JBuilder and other professional-level
>Java development suites? Of course, in .NET as in Java, you can just run
>VI, EMACS, or some other freebie text editor and dispense with the tools
>altogether. Keep this in mind - 3rd parties develop far more professional-grade
>components for VB than for Java - because there is a profit in it. Without
>the profit motive, you get mediocrity. Look at the Open Software movement
>- lots of free stuff almost nobody wants. There are a number of good Java
>components on the market (see www.componentsource.com), but they come at
>a price.

All quality products. None mediocre.
>
>>More and more companies and organizations are going to alternate
>>platforms. Some slowly, some quickly.
>Not really. Most of the .COMs that died in the last year or so were UNIX/Java
>oriented. The slow time to market, lack of product features, and high life
>cycle cost added to the problem the companies had in turning a profit.
It's
>now how many - it is how many are able to successfully run a business with
>the chosen technology.

Looks like you've researched alot of Companies. I would venture a guess
that this is just a guess to support your unsupported presupposition.
>
>Now, I don't say any of this to change your mind. And I do not mean in
any
>way to imply you are anything less than a knowledge professional in what
>you do. I assume we both like the technologies we've chosen, are good at
>what we do, and will stay with them. But, it is good for those who may
stumble
>across this thread to hear a good back-and-forth on the subject, so they
>can make up their own minds.
>

Re: .NET vs. Enterprise Java: Who's Got Better Security?

>Java is not made by Sun alone. This is FUD.
LOL! Yeah, right. Try adding anything to the Java language, and see what
happens. Sun has, and will continue, to sue anyone changing their copyrighted
product without their permission. Lots of folks do things *with* Java, but
Sun owns it lock, stock, and barrel.
>Well it runs great on Windows for us. Maybe Windows is a 3-legged donkey.
>So it runs on Unix really good? I would love to use it instead of Windows
Then do it. Perhaps your apps aren't very demanding.
>How much MS code runs on AS400, Unix, OS390, Linux, OS2, .... ?
A lot if you use MainWin's Win32 libraries. And optionally SoftwareAG's VB
runtime libraries (which run on UNIX and IBM-compatible mainframes). Other
than that, why should MS make their stuff run on OS platforms that are not
cost effective against the myriad of hardware platforms that already run
Windows?
>No, I am talking about OS390.
That clears it up. I didn't see that in the other postings. I was focused
more on mainstream (as in number of servers running the OS) OSs, which is
Windows and UNIX.
>Again, I wasn't taking about Unix.
Granted. Same reasoning applies, even more so, to "new construction" when
it comes to OS390.
>Uh, MS is not porting it. It the port to Linux is getting no help from
>MS. If anything, they are hindering the move. If it suceeds, it will be
>very bad for them.
The company that is porting it was mentioned in an article I read (not from
MS) where MS is cooperating.
>Is it? The whole lifecycle? What if the lifecycle is shorter?
Yes, where lifecycle is closely tied to depreciation. The shorter the life
cycle, the more important rapid development is to reducing cost, which gives
the edge to MS products.
>And performance is better on Unix with Java (according to you).
>Wouldn't .Net run there (and on Mainframes) faster and better and be more
>scalable?
No. Windows does so much more than UNIX (a much older OS architecture).
It is a myth that UNIX outperforms Windows. If you are just running the
barebones kernel, then yes, UNIX outperforms Windows (except perhaps the
embedded Windows which eliminates a lot fo the extras). But who runs a server
jsut to run the kernel? Add real world applications, and Windows outperforms
UNIX. Look at the top ten TPC-C benchmarks. Same scenario for UNIX and
Windows, yet Windows wins hands down.
>Well, we SEEM to be less experienced but don't have the same problems.
>Obviously they didn't hire the best.
No need to insult your Java colleagues. As I said before, perhaps the distributed
apps they did were simply more complex.
>Obviously you haven't used Java in depth.
Nope. I used it some, but I draw from my work with, and observation of,
several other developers who *do* use Java in depth. When results count,
Java presents problems to the bottom line. If the bottom line is irrelevant,
or existing OSs mandate it, then there is nothing wrong with Java.
>Thats my point. Take away the wizards and coding in .Net is no faster
>than Java with a notepad.
I guess I misunderstood what you meant by wizards. A good IDE is not a wizard
in what I was talking about. I was referring to writing ADO code as opposed
to using ADO controls and bound controls, for example. .NET's IDE, as was
VB6's IDE, is much more productive than the competition.
>And if you look around, there are few experienced (according
>to your definition) VB programmers. By the way I am experienced with VB
>and MS technologies.
Actually, there are more than experienced Java programmers. I took time
off to write my own components for sale, and now that I am finished, I am
back in the job market. At least here in Atlanta, lots more VB programmers
in professional coding positions than Java programmers in trhe same professional
level jobs. I hear the same from recruiters - that they place more VB than
Java folks. I am sure it varies from place to place.
>That is what you say.
That is also what I do. I've done several projects in the past where the
Java folks tried to develop the same thing. I always finished first, with
fewer bugs, more features, and requiring less hardware for it to run on.
>But we are doing it. Why are we deploying to Windows? Because that is
>what is there.
I can see it if your customer requires you to use Windows and Java. That
doesn't leave you much room but to do it that way.
>I can run Linux and Java on a 486.
And do what with it? There isn't much of a market for those old boat anchors.
>Try that with .Net.
I wouldn't. No reason to. I can imagine trying to sell a CIO on using old
junky 486s that can't be maintained and can't support much in the way of
applications. Especially when I can get a new PC for less than $1000. it
jsut doesn't make sense, except for the hobbyist.
>Your presupposition is based on FUD and/or a bad experience.
LOL! "FUD" seems to be the last refuge of those who can't accept reality.
It is based on reality, study, analysis, and the experience of very qualified
people.
>So where is the missing link? I've looked at VB.Net and it is totally
>different. It is not evolution - it is creation.
Well, I explained what evolved to what. If that wasn't clear enough, I really
don't know how to make it simpler. I have been programming in VB since V1
10 years ago. The biggest hurdle is changing from COM objects to namespaces,
since the names aren't always the same. But that is a small hurdle compared
to learning Java for a VB programmer.
>> *Nobody* adds anything to
>>Java without Sun's permission and paying them dearly for the priviledge.
>FUD.
Come on, name a company who has extended the Java language or made a Java
VM without Sun's permission.
>Could you make mine run? It crashes alot.
Probably. Are you running NT, Win2K, or XP? Whose JVM do you use? Are
you sure your drivers were certified for the OS? Have you checked for memory
leaks in non-MS apps? I've had NT servers than run for months before being
rebooted, and only then to upgrade something. Win2K and XP do the same.
It's like I said - it is more dependent on the skills of eh admin than the
type of OS used.
>If you think single vendor is a strength ...
>If the hardware vendors don't use install Windows they pay dearly.
Used to. MS stopped doing that a while back. Most all of them offer Linux
or other UNIX OSs. Its just that most people want Windows. In a sense,
they do pay dearly if they don't offer Windows - they sell less hardware.
>Look beyond Unix. You seem to be stuck on it. I'm not.
That is because I didn't know until this post you were working with OS390.
Like I said, Windows and UNIX is the vast majority of server OSs.
>So if VB6 is so good why is it so gone?
It's not gone. I still use it. MS still supports it, and will for the next
few years, at least. Their policy is to support products up to two versions
back. Heck, I can still find support at MS for VB3.
>From experience, I'm able to do
>things in Java that could NEVER be done in VB.
Name some. I'll be glad to send you the code in VB6 to do it.
>Maybe I can in .Net.
If you want to.
>JBOSS - Free
>Apache.org - Free
>Linux - Free
>Eclipse/Netbeans - Free
>MySQL - Free
>All quality products. None mediocre.
Apache - maybe, but it is (from the admins I talked to) more difficult to
install and maintain. Definitely the choice of hobbyists. Linux is going
the way of OS2. It lacks the maturity of Windows, and its biggest drawback
is that Linux is still UNIX. A 35 year old OS that was designed to have
a high and long learning curve. It was based on the presumption that hardware
resources were a restrictive cost. MySQL isn't scalable, and any kind of
Java beans is old technology.

I would recommend taking a look at http://www.objectwatch.com/, run by one
of CORBA's founders, Roger Sessions. He is an expert on both sides, and
gives good advice on both.
>Looks like you've researched alot of Companies. I would venture a guess
>that this is just a guess to support your unsupported presupposition.
You would venture wrong. I've been through two downsized companies, and
that got me to thinking. So I did some research, and found a common thread
among the "middle of the bell curve" of those companies that failed.
>Same here. I am using .Net too. Only where I have to.
I hope .NET only gets better for you. Then you'll have two powerful development
platforms to use.

Re: .NET vs. Enterprise Java: Who's Got Better Security?

"Jeff Jones" <jjones4@bellsouth.net> wrote:
>
>>Java is not made by Sun alone. This is FUD.
>LOL! Yeah, right. Try adding anything to the Java language, and see what
>happens. Sun has, and will continue, to sue anyone changing their copyrighted
>product without their permission. Lots of folks do things *with* Java,
but
>Sun owns it lock, stock, and barrel.
With IBM, Oracle, Bea, etc. java is nothing and Sun knows it.
>
>>Well it runs great on Windows for us. Maybe Windows is a 3-legged donkey.
>>So it runs on Unix really good? I would love to use it instead of Windows
>Then do it. Perhaps your apps aren't very demanding.
Yes they are. And it runs on multiple Machines. They are very demanding
and Java does the job. Java is used in stock market applications which are
very demanding.
>
>>How much MS code runs on AS400, Unix, OS390, Linux, OS2, .... ?
>A lot if you use MainWin's Win32 libraries. And optionally SoftwareAG's
VB
>runtime libraries (which run on UNIX and IBM-compatible mainframes). Other
>than that, why should MS make their stuff run on OS platforms that are not
>cost effective against the myriad of hardware platforms that already run
>Windows?
First, it wouldn't run as well. Second, depending on the application, it
can be cost effective.
>
>>No, I am talking about OS390.
>That clears it up. I didn't see that in the other postings. I was focused
>more on mainstream (as in number of servers running the OS) OSs, which is
>Windows and UNIX.
>
>>Again, I wasn't taking about Unix.
>Granted. Same reasoning applies, even more so, to "new construction" when
>it comes to OS390.
>
>>Uh, MS is not porting it. It the port to Linux is getting no help from
>
>>MS. If anything, they are hindering the move. If it suceeds, it will be
>
>>very bad for them.
>The company that is porting it was mentioned in an article I read (not from
>MS) where MS is cooperating.
Which one?
>
>>Is it? The whole lifecycle? What if the lifecycle is shorter?
>Yes, where lifecycle is closely tied to depreciation. The shorter the life
>cycle, the more important rapid development is to reducing cost, which gives
>the edge to MS products.

Then you don't understand life cycle. You want the life cycle of an application
to be as long as possible. A life cycle is not just designing coding and
implementing. You want the iterations to be short.
>
>>And performance is better on Unix with Java (according to you).
>>Wouldn't .Net run there (and on Mainframes) faster and better and be more
>
>>scalable?
>No. Windows does so much more than UNIX (a much older OS architecture).
> It is a myth that UNIX outperforms Windows. If you are just running the
>barebones kernel, then yes, UNIX outperforms Windows (except perhaps the
>embedded Windows which eliminates a lot fo the extras). But who runs a
server
>jsut to run the kernel? Add real world applications, and Windows outperforms
>UNIX. Look at the top ten TPC-C benchmarks. Same scenario for UNIX and
>Windows, yet Windows wins hands down.

Benchmarks are usually rigged. Talk to IBM. The have a hand in all platforms.
For the right application UNIX can save an organiztion money.
>
>>Well, we SEEM to be less experienced but don't have the same problems.
>
>>Obviously they didn't hire the best.
>No need to insult your Java colleagues. As I said before, perhaps the distributed
>apps they did were simply more complex.
OO design and coding does take long than proceedural. But the design and
coding iterations can be shorter. It is not an insult just realility.
>
>>Obviously you haven't used Java in depth.
>Nope. I used it some, but I draw from my work with, and observation of,
>several other developers who *do* use Java in depth. When results count,
>Java presents problems to the bottom line. If the bottom line is irrelevant,
>or existing OSs mandate it, then there is nothing wrong with Java.
>
How long ago was this Java developement? Java works and works well. The
fact that there is good Java development going on leaves the only answer
to be they weren't that experienced.
>>Thats my point. Take away the wizards and coding in .Net is no faster
>>than Java with a notepad.
>I guess I misunderstood what you meant by wizards. A good IDE is not a
wizard
>in what I was talking about. I was referring to writing ADO code as opposed
>to using ADO controls and bound controls, for example. .NET's IDE, as was
>VB6's IDE, is much more productive than the competition.

I've used both (VB more than any Java) and I am more productive in my Java
IDE.
>
>>And if you look around, there are few experienced (according
>>to your definition) VB programmers. By the way I am experienced with VB
>>and MS technologies.
>Actually, there are more than experienced Java programmers. I took time
>off to write my own components for sale, and now that I am finished, I am
>back in the job market. At least here in Atlanta, lots more VB programmers
>in professional coding positions than Java programmers in trhe same professional
>level jobs. I hear the same from recruiters - that they place more VB than
>Java folks. I am sure it varies from place to place.

I was using 'experienced' the way you were. There are many VB programmers.
The majority of them are not 'experienced'. All of which will have to a
new language be it VB.Net or C# or ... .
>
>>That is what you say.
>That is also what I do. I've done several projects in the past where the
>Java folks tried to develop the same thing. I always finished first, with
>fewer bugs, more features, and requiring less hardware for it to run on.

10 years experience vs a couple years at best? Sounds fair to me. Getting
done first is not the most important thing. Have you ever watch junkyard
wars?

Yes, bugs are bad. But usually programmer error not language.

Have you really compared VB.Net and C# with Java? As languages, they really
are no different.
>
>>But we are doing it. Why are we deploying to Windows? Because that is
>>what is there.
>I can see it if your customer requires you to use Windows and Java. That
>doesn't leave you much room but to do it that way.
The same is true if they require MS tools and platform. WHat is your point?
>
>>I can run Linux and Java on a 486.
>And do what with it? There isn't much of a market for those old boat anchors.

You said Java has greater platform requirements. Just proving it doesn't.
By the way, they make good firewalls. And embedded computers.
>
>>Try that with .Net.
>I wouldn't. No reason to. I can imagine trying to sell a CIO on using
old
>junky 486s that can't be maintained and can't support much in the way of
>applications. Especially when I can get a new PC for less than $1000.
it
>jsut doesn't make sense, except for the hobbyist.

Lots of 386 and 486 computers are in use today.
>
>>Your presupposition is based on FUD and/or a bad experience.
>LOL! "FUD" seems to be the last refuge of those who can't accept reality.
> It is based on reality, study, analysis, and the experience of very qualified
>people.
Your reality and research which seem to be limited. I look everywhere and
see Java succeeding.
>
>>So where is the missing link? I've looked at VB.Net and it is totally
>>different. It is not evolution - it is creation.
>Well, I explained what evolved to what. If that wasn't clear enough, I
really
>don't know how to make it simpler. I have been programming in VB since
V1
>10 years ago. The biggest hurdle is changing from COM objects to namespaces,
>since the names aren't always the same. But that is a small hurdle compared
>to learning Java for a VB programmer.

But VB6 is dead. VB.Net is totally different. And it and C# resemble Java
so much that it is laughable. And the IDE is different. So a good Java
programmer has a shorter distance to .Net than most VBers.
>
>>> *Nobody* adds anything to
>>>Java without Sun's permission and paying them dearly for the priviledge.
>>FUD.
>Come on, name a company who has extended the Java language or made a Java
>VM without Sun's permission.
IBM.
>
>>Could you make mine run? It crashes alot.
>Probably. Are you running NT, Win2K, or XP? Whose JVM do you use? Are
>you sure your drivers were certified for the OS? Have you checked for memory
>leaks in non-MS apps? I've had NT servers than run for months before being
>rebooted, and only then to upgrade something. Win2K and XP do the same.
It has nothing to do with Java. It is Windows. You are lucky. Must not
be doing anything complicated.
> It's like I said - it is more dependent on the skills of eh admin than
the
>type of OS used.
>
>>If you think single vendor is a strength ...
>>If the hardware vendors don't use install Windows they pay dearly.
>Used to.
Still do. And it is worse. Thanks justice department.
> MS stopped doing that a while back. Most all of them offer Linux
>or other UNIX OSs. Its just that most people want Windows. In a sense,
>they do pay dearly if they don't offer Windows - they sell less hardware.

No people don't 'want' Windows. The are ill informed or aren't given a choice.
Go to Best buy and find a computer with anything besides Windows. Find
one without any OS. You won't.
>
>>Look beyond Unix. You seem to be stuck on it. I'm not.
>That is because I didn't know until this post you were working with OS390.

> Like I said, Windows and UNIX is the vast majority of server OSs.
Are they? The major of server applications are in COBOL and they run on
Mainframes.
>
>>So if VB6 is so good why is it so gone?
>It's not gone. I still use it. MS still supports it, and will for the
next
>few years, at least. Their policy is to support products up to two versions
>back. Heck, I can still find support at MS for VB3.
Good as gone. I guess that means OS2 isn't gone either.
>
>>From experience, I'm able to do
>>things in Java that could NEVER be done in VB.
>Name some. I'll be glad to send you the code in VB6 to do it.
Try doing MVC.
>
>>Maybe I can in .Net.
>If you want to.
I don't think MVC programming can fully be done in .Net
>
>>JBOSS - Free
>>Apache.org - Free
>>Linux - Free
>>Eclipse/Netbeans - Free
>>MySQL - Free
>>All quality products. None mediocre.
>Apache - maybe, but it is (from the admins I talked to) more difficult to
>install and maintain. Definitely the choice of hobbyists. Linux is going
>the way of OS2.

If OS2 is going like gangbusters then yes.
>It lacks the maturity of Windows, and its biggest drawback
>is that Linux is still UNIX. A 35 year old OS that was designed to have
>a high and long learning curve. It was based on the presumption that hardware
>resources were a restrictive cost. MySQL isn't scalable, and any kind of
>Java beans is old technology.
I didn't mention any Java beans. Obviously you are ill informed in Java
and OpenSource.
>
>I would recommend taking a look at http://www.objectwatch.com/, run by one
>of CORBA's founders, Roger Sessions. He is an expert on both sides, and
>gives good advice on both.

I don't use CORBA. Maybe that is the problem.
>
>>Looks like you've researched alot of Companies. I would venture a guess
>>that this is just a guess to support your unsupported presupposition.
>You would venture wrong. I've been through two downsized companies, and
>that got me to thinking. So I did some research, and found a common thread
>among the "middle of the bell curve" of those companies that failed.
>
Ok. I am constant looking at trends. Linux use is on the rise. So is Java.
>>Same here. I am using .Net too. Only where I have to.
>I hope .NET only gets better for you. Then you'll have two powerful development
>platforms to use.
>